Spring Security - 始终重定向到default-target-url

时间:2013-07-14 06:07:50

标签: java xml spring debugging spring-security

访问网址时遇到问题,即使成功登录,也始终会重定向到default-target-url。当我第一次访问/诊所/管理员/ jabatan /它会将我重定向到登录页面,但主要问题是自动重定向或手动访问该URL始终重定向到/ clinic / home。


Spring Security Config:

<beans 
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!--auto-config="true"-->
    <security:http use-expressions="true" access-denied-page="/WEB-INF/view/error/access-denied.jsp">
        <security:intercept-url pattern="/index*" access="permitAll" />
        <security:intercept-url pattern="/resources/**" access="permitAll" />
        <security:intercept-url pattern="/administator/**" access="isAuthenticated()" />

        <security:form-login login-page="/index" default-target-url="/home" authentication-failure-url="/index?error=true" />
    </security:http>

    <context:component-scan base-package="com.syncbro.clinic" />
    <context:annotation-config />

    <bean id="userDetailsService" class="com.syncbro.clinic.service.impl.UserDetailsServiceImpl" autowire="byType" />
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService" />
    </bean>

    <security:authentication-manager>
        <security:authentication-provider ref="daoAuthenticationProvider" />
        <!--    <security:password-encoder hash="sha-256" />
        </security:authentication-provider>-->
    </security:authentication-manager>

</beans>


Spring Security DEBUG:

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/index*'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/index*'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /administator/jabatan/; Attributes: [isAuthenticated()]

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /administator/jabatan/; Attributes: [isAuthenticated()]

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.access.vote.AffirmativeBased  - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@57cabdca, returned: 1

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.access.vote.AffirmativeBased  - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@57cabdca, returned: 1

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Authorization successful

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Authorization successful

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - RunAsManager did not change Authentication object

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - RunAsManager did not change Authentication object

INFO: 14 Jul 2013 12:56:25,414 104711 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,414 104711 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

INFO: 14 Jul 2013 12:56:25,565 104862 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,565 104862 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/index*'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/index*'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Public object - authentication not attempted

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Public object - authentication not attempted

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

2 个答案:

答案 0 :(得分:1)

我认为由于第一个intercept-url规则匹配,它需要permitAll角色;。

<security:intercept-url pattern="/index*" access="permitAll" />

您的登录页面网址还包含&#34; / index&#34;。

<security:form-login login-page="/index" default-target-url="/home" authentication-failure-url="/index?error=true" />

因为&#34; / index&#34; URL需要身份验证和授权,因此会再次重定向到登录页面; 也许你可以改变第一个条目的intercept-url模式并再试一次。

答案 1 :(得分:1)

建议您创建一个单独的欢迎页面,以防您使用索引作为登录页面。

从以下配置中删除 / index 之后的*:

<security:intercept-url pattern="/index" access="permitAll" />

对于此URL / clinic / administator / jabatan / ,定义一个新的拦截器,如下所示:

<security:intercept-url pattern="/administator/jabatan/**" access="isAuthenticated()" />